Challenge Resource

The Challenge resource is currently used by Verify Push and Verify TOTP features. It represents a single verification attempt of an Entity using a Factor. When the factor_type is push, a Challenge is created to verify the signature of the message sent from the registered device with the public key stored in the Factor. When the factor_type is totp, a Challenge is created to verify that the TOTP code provided by the user matches the one generated by the seed stored in the Factor. Some Challenge properties apply to all factor_types and others do not. A single Entity links to multiple Factors and a single Factor links to multiple Challenges.

Challenges and Billing

Verify Push

Consistent with overall Verify pricing, Verify Push is billed at a rate of $0.05 per verification. In technical terms, a Verify Push "verification" is defined as a Challenge of factor_type:push that is updated with a status of approved or denied.

Verify TOTP

Consistent with overall Verify pricing, Verify TOTP will be billed at a rate of $0.05 per verification. In technical terms, a Verify TOTP "verification" is defined as a Challenge of factor_type:totp that is updated with a status of approved.

Challenge properties

Resource Properties in REST API format
`sid`	sid<YC> Not PII A 34 character string that uniquely identifies this Challenge.
`account_sid`	sid<AC> Not PII The unique SID identifier of the Account.
`service_sid`	sid<VA> Not PII The unique SID identifier of the Service.
`entity_sid`	sid<YE> Not PII The unique SID identifier of the Entity.
`identity`	string PII MTL: 30 DAYS Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.
`factor_sid`	sid<YF> Not PII The unique SID identifier of the Factor.
`date_created`	date_time<iso8601> Not PII The date that this Challenge was created, given in ISO 8601 format.
`date_updated`	date_time<iso8601> Not PII The date that this Challenge was updated, given in ISO 8601 format.
`date_responded`	date_time<iso8601> Not PII The date that this Challenge was responded, given in ISO 8601 format.
`expiration_date`	date_time<iso8601> Not PII The date-time when this Challenge expires, given in ISO 8601 format. The default value is five (5) minutes after Challenge creation. The max value is sixty (60) minutes after creation.
`status`	enum:challenge_statuses Not PII The Status of this Challenge. One of `pending`, `expired`, `approved` or `denied`.
`responded_reason`	enum:challenge_reasons Not PII Reason for the Challenge to be in certain `status`. One of `none`, `not_needed` or `not_requested`.
`details`	object PII MTL: 30 DAYS Details provided to give context about the Challenge. Intended to be shown to the end user.
`hidden_details`	object PII MTL: 30 DAYS Details provided to give context about the Challenge. Intended to be hidden from the end user. It must be a stringified JSON with only strings values eg. `{"ip": "172.168.1.234"}`
`metadata`	object PII MTL: 30 DAYS Custom metadata associated with the challenge. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. `{"os": "Android"}`. Can be up to 1024 characters in length.
`factor_type`	enum:factor_types Not PII The Factor Type of this Challenge. Currently `push` and `totp` are supported.
`url`	url Not PII The URL of this resource.
`links`	uri_map Not PII Contains a dictionary of URL links to nested resources of this Challenge.

Create a Challenge resource

post

https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges

Parameters

Parameters in REST API format
`service_sid` Path	post sid<VA> Not PII The unique SID identifier of the Service.
`identity` Path	post string PII MTL: 30 DAYS Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.
`factor_sid` Required	post sid<YF> Not PII The unique SID identifier of the Factor.
`expiration_date` Optional	post date_time<iso8601> Not PII The date-time when this Challenge expires, given in ISO 8601 format. The default value is five (5) minutes after Challenge creation. The max value is sixty (60) minutes after creation.
`details.message` Optional	post string Not PII Shown to the user when the push notification arrives. Required when `factor_type` is `push`. Can be up to 256 characters in length
`details.fields` Optional	post object[] Not PII A list of objects that describe the Fields included in the Challenge. Each object contains the label and value of the field, the label can be up to 36 characters in length and the value can be up to 128 characters in length. Used when `factor_type` is `push`. There can be up to 20 details fields.
`hidden_details` Optional	post object PII MTL: 30 DAYS Details provided to give context about the Challenge. Not shown to the end user. It must be a stringified JSON with only strings values eg. `{"ip": "172.168.1.234"}`. Can be up to 1024 characters in length
`auth_payload` Optional	post string Not PII Optional payload used to verify the Challenge upon creation. Only used with a Factor of type `totp` to carry the TOTP code that needs to be verified. For `TOTP` this value must be between 3 and 8 characters long.

Example 1

Loading Code Sample...

Example JSON response

Create Push Challenge

Example 2

Loading Code Sample...

Example JSON response

Create TOTP Challenge With AuthPayload

Fetch a Challenge resource

get

https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}

Parameters

Parameters in REST API format

service_sid

Path

get sid<VA> Not PII

The unique SID identifier of the Service.

identity

Path

get string PII MTL: 30 DAYS

Customer unique identity for the Entity owner of the Challenges. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.

sid

Path

get sid<YC> Not PII

A 34 character string that uniquely identifies this Challenge.

Example 1

Loading Code Sample...

Example JSON response

Fetch Challenge

Read multiple Challenge resources

get

https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges

Parameters

Parameters in REST API format
`service_sid` Path	get sid<VA> Not PII The unique SID identifier of the Service.
`identity` Path	get string PII MTL: 30 DAYS Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.
`factor_sid` Optional	get sid<YF> Not PII The unique SID identifier of the Factor.
`status` Optional	get ienum:challenge_statuses Not PII The Status of the Challenges to fetch. One of `pending`, `expired`, `approved` or `denied`.
`order` Optional	get ienum:list_orders Not PII The desired sort order of the Challenges list. One of `asc` or `desc` for ascending and descending respectively. Defaults to `asc`.

Example 1

Loading Code Sample...

Example JSON response

Read Challenge

Update a Challenge resource

post

https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}

Parameters

Parameters in REST API format
`service_sid` Path	post sid<VA> Not PII The unique SID identifier of the Service.
`identity` Path	post string PII MTL: 30 DAYS Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.
`sid` Path	post sid<YC> Not PII A 34 character string that uniquely identifies this Challenge.
`auth_payload` Optional	post string Not PII The optional payload needed to verify the Challenge. E.g., a TOTP would use the numeric code. For `TOTP` this value must be between 3 and 8 characters long. For `Push` this value can be up to 5456 characters in length
`metadata` Optional	post object PII MTL: 30 DAYS Custom metadata associated with the challenge. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. `{"os": "Android"}`. Can be up to 1024 characters in length.

Example 1

Loading Code Sample...

Example JSON response

Update Challenge

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

Challenges and Billing

Challenge properties

Create a Challenge resource

Parameters

Example 1

Create Push Challenge

Example 2

Create TOTP Challenge With AuthPayload

Fetch a Challenge resource

Parameters

Example 1

Fetch Challenge

Read multiple Challenge resources

Parameters

Example 1

Read Challenge

Update a Challenge resource

Parameters

Example 1

Update Challenge

Need some help?

Thank you for your feedback!

Need help? Talk to Support

Thanks for your feedback!